Closed alexec closed 2 years ago
cjimti
commented
2 years ago kubefwd needs to ability to bind to low port numbers as well. The only way to avoid using sudo is to run it as root or set up a user with advanced permissions (depends on your operating system). You can also set sudo only to only require a password the first time it is run within a time period.
doppelrittberger
commented
1 year ago Hi sorry to pick this up again but I think a rootless option would make sense for a lot of use cases (e.g. restricted environments) Since you already provide the option to map ports it is easy to map them into rootless compliant port range. Would you mind to think about this option again? You could fail with the sudo-error message in case somebody wants to map a non-bindable port. Best regards
cjimti
commented
1 year ago This would also require root-less permissions to /etc/hosts, which sounds exceptionally dangerous.
doppelrittberger
commented
1 year ago I agree. Another solution would be to mimik a dns server and the admin would add this to /etc/resolv.conf. In that case you still have control about the order of dns query and can run rootless. What do you think?
In most cases, we only need to set-up the
hostsfile once. Asking forsudoagain is annoying.It should be possible to run
kubefwdwithout sudo, e.g.`